On February 27, 2018, the Supreme Court heard oral argument for United States v. Microsoft Corporation. The case considered whether a United States provider of email services must comply with a probable cause based warrant issued under 18 U.S.C. § 2703, even if the provider has decided to store the material abroad. Under 18 U.S.C. § 2703(a), the government may require disclosure by a provider of email services of wire or electronic communications stored in an electronic communications system for one hundred and eighty days or less pursuant to a probable case based warrant. If the wire or electronic communications are stored in an electronic communications system for more than one hundred and eighty days, a court order for disclosure is necessary under 18 U.S.C. § 2703(d).
Microsoft Corporation is a United States corporation. Along with other functions, Microsoft operates free, web-based email services such as “MSN” and “Hotmail.” Data related and contents of users’ email accounts are stored on a network of approximately one million servers located worldwide.
In December 2013, the Government provided Microsoft with a warrant for email information related to a particular user’s email account. The warrant was issued pursuant to 18 U.S.C. § 2703, part of Title II of the Electronic Communications Privacy Act. The same section is generally called the Stored Communications Act (SCA). The warrant covered information associated with an MSN.com email account “stored at premises owned, maintained, controlled, or operated by Microsoft Corporation.”
In response to the warrant, Microsoft disclosed the account identification records, which were stored in the United States. However, the company refused to disclose the contents of emails within the account, as they were stored in a datacenter in Ireland. Instead, Microsoft moved to quash the warrant as it related to material stored abroad, and argued that requiring disclosure would be an impermissible extraterritorial application of the statute. The motion to quash was denied by a magistrate judge who held that “a Section 2703 {o}perates like a subpoena because it is served on the {provider} in possession of the information and does not involve government agents entering the premises of the {provider} to search its servers and seize the e-mail account in question.” After a de novo review, the district court affirmed the decision and held Microsoft in civil contempt for refusing to disclose.
The Second Circuit reversed the denial of the motion to quash and vacated the civil contempt, arguing instead that the relevant statute focused on maintaining the privacy of a user’s email communications and that the invasion of the customer’s privacy takes place where the customer’s content is stored. In this case, the “invasion of privacy” was in Dublin, Ireland.
In its brief, the Government argued that the focus of 18 U.S.C. § 2703 was disclosure, rendering the application of law at issue domestic. The Government also argued that Microsoft’s contrary theory would be impractical and detrimental to law enforcements. Lastly, the Government argued that the enforcement of § 2703 respected the United States’ international obligations.
Microsoft Corporation, on the other hand, argued that Congress gave no indication that the Stored Communications Act should apply extraterritorially and that a warrant issued under the Stored Communications Act requiring the disclosure of communications stored overseas was an impermissible extraterritorial application. Microsoft also argued that Congress was the appropriate body to make decisions regarding when and how to extend U.S. law.
Chief Justice Roberts reproached Microsoft for attracting customers by ensuring that their emails would be stored overseas. Justice Alito agreed with Justice Roberts’ view and noted that, if Microsoft prevailed, the government could produce probable cause to obtain information but still be unable to acquire the emails if the provider stores them overseas.
Justice Ginsburg, Justice Gorsuch, and Justice Sotomayor, on the other hand, were more sympathetic to the idea that disclosure of data stored overseas was not required. Justice Gorsuch asked why the Court shouldn’t consider the fact that some part of the process, whether search or disclosure, occurred overseas. Justice Ginsburg emphasized that, before it could turn over the emails in the United States, Microsoft needed to take action in Ireland. Justice Sotomayor asked why Congress, rather than the Supreme Court was not the best suited body to deal with the current questions before the Court.
Lastly, it was also worth noting that Congress enacted, and the President signed, the Consolidated Appropriations Act, 2018 H.R. 1625, 115th Cong., 2d Sess. (2018). The Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, was enclosed within. The CLOUD Act amends the Stored Communications Act to state:
Based on the amended statute, the Government intends to file a supplemental filing.